US20100306842A1 - Information Processing Apparatus Capable of Authentication Processing Achieving Both of User Convenience and Security, Method of Controlling Information Processing Apparatus, and Recording Medium Recording Program for Controlling Information Processing Apparatus - Google Patents

Information Processing Apparatus Capable of Authentication Processing Achieving Both of User Convenience and Security, Method of Controlling Information Processing Apparatus, and Recording Medium Recording Program for Controlling Information Processing Apparatus Download PDF

Info

Publication number
US20100306842A1
US20100306842A1 US12/786,838 US78683810A US2010306842A1 US 20100306842 A1 US20100306842 A1 US 20100306842A1 US 78683810 A US78683810 A US 78683810A US 2010306842 A1 US2010306842 A1 US 2010306842A1
Authority
US
United States
Prior art keywords
authentication
password
user
processing
image
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US12/786,838
Other versions
US8756670B2 (en
Inventor
Motohiro Asano
Chiho Murai
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Konica Minolta Inc
Original Assignee
Konica Minolta Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to JP2009-133216 priority Critical
Priority to JP2009133216A priority patent/JP2010282285A/en
Application filed by Konica Minolta Inc filed Critical Konica Minolta Inc
Assigned to KONICA MINOLTA HOLDINGS, INC. reassignment KONICA MINOLTA HOLDINGS, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MURAI, CHIHO, ASANO, MOTOHIRO
Publication of US20100306842A1 publication Critical patent/US20100306842A1/en
Application granted granted Critical
Publication of US8756670B2 publication Critical patent/US8756670B2/en
Application status is Active legal-status Critical
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to network resources
    • H04L63/105Multiple levels of security
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/41User authentication where a single sign-on provides access to a plurality of computers
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • G06F21/608Secure printing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity ; Protecting confidentiality; Key management; Integrity; Mobile application security; Using identity modules; Secure pairing of devices; Context aware security; Lawful interception
    • H04W12/06Authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2151Time stamp

Abstract

Whether a log-in button has been pressed or not is determined. When it is determined that the log-in button has been pressed, an ID selection screen is displayed. Whether an ID has been selected or not is determined. When it is determined that an ID has been selected, whether a secure printing job is present or not is determined. Thereafter, whether password matching is successfully achieved or not is determined. Thereafter, whether a password image function is ON or not is determined. Then, when it is determined that password matching was successfully achieved and a password image authentication function is ON, password image authentication is carried out.

Description

  • This application is based on Japanese Patent Application No. 2009-133216 filed with the Japan Patent Office on Jun. 2, 2009, the entire content of which is hereby incorporated by reference.
  • BACKGROUND OF THE INVENTION
  • 1. Field of the Invention
  • The present invention relates to an information processing apparatus performing authentication processing, a method of controlling an information processing apparatus, and a program for controlling an information processing apparatus.
  • 2. Description of the Related Art
  • A printer or an MFP (Multi Function Peripheral) adapted to secure printing has conventionally been available. Secure printing refers to a function for having a password set at the time of printing by means of a printer driver and allowing print output as the password is successfully entered through a panel of a printer main body.
  • This function has increasingly been used, with growing tendency toward enhanced security of information among the general public.
  • In many cases, however, a user has been required to enter the same password each time he/she performs printing despite the fact that he/she repeatedly uses the same password previously set by means of the printer driver, and it has been very inconvenient.
  • In particular, many models of printers or MFPs are not provided with a keyboard as hardware and require input through a software keyboard or the like, which resulted in a time-consuming input operation and inconvenience.
  • In order to solve this problem, as described in Japanese Laid-Open Patent Publication No. 2005-335282, an IC card may also be used. Specifically, a scheme has been proposed, in which authentication information is registered in an IC card, the authentication information registered in the IC card is read for personal authentication, and then printing processing is performed.
  • It has been necessary, however, to provide a printer or an MFP with a function to read an IC card, which led to increase in cost.
  • Meanwhile, Japanese Laid-Open Patent Publication No. 2003-228553 proposes as a simplified authentication method, an authentication method for having a user select an image stored in a storage unit (a registered image) from among a plurality of pieces of image information.
  • On the other hand, for example, always selecting one piece of image information from among a plurality of pieces of image information for secure printing may be insufficient to ensure security.
  • SUMMARY OF THE INVENTION
  • The present invention was made to solve the above-described problems. An object of the present invention is to provide an information processing apparatus capable of performing authentication processing ensuring security to some extent in consideration of user's convenience, a method of controlling an information processing apparatus, and a program for controlling an information processing apparatus.
  • An information processing apparatus according to one aspect of the present invention includes a display for displaying an authentication screen and a controller for performing authentication processing in response to a user's input instruction on the authentication screen. The controller is capable of executing as the authentication processing, at least one of a first authentication scheme and a second authentication scheme more simplified than the first authentication scheme. When authentication processing in accordance with the first authentication scheme led to approval in response to the user's input instruction, the controller executes the second authentication scheme in next authentication processing.
  • Preferably, the first authentication scheme corresponds to password authentication.
  • Preferably, the second authentication scheme corresponds to authentication using a password image.
  • Preferably, the second authentication scheme corresponds to password authentication restricted in the number of characters, which is smaller than in the first authentication scheme.
  • In particular, password authentication in accordance with the first authentication scheme is approved when first registered key data registered in advance matches with key data input in accordance with the user's input instruction. In password authentication restricted in the number of characters, key data generated under a prescribed rule from the first registered key data is registered as second registered key data.
  • In particular, the second registered key data corresponds to data obtained by extracting a part of a character string of the first registered key data.
  • In particular, the second registered key data corresponds to data obtained by replacing a character in the first registered key data with a different character.
  • Preferably, the controller causes the display to display registered key data to be used in the second authentication scheme when authentication processing in accordance with the first authentication scheme led to approval in response to the user's input instruction.
  • Preferably, the first authentication scheme corresponds to authentication in a secure printing function.
  • Preferably, the first authentication scheme corresponds to authentication for logging in the apparatus.
  • Preferably, in the first authentication scheme, an instruction to enter at least one of a user ID and a password is issued.
  • Preferably, when authentication processing in accordance with the second authentication scheme led to approval in response to the user's input instruction, the controller has a time and day of approval registered.
  • In particular, the controller checks a validity period during which authentication processing in accordance with the second authentication scheme is permitted.
  • In particular, the controller performs authentication processing in accordance with the second authentication scheme during the validity period during which authentication processing in accordance with the second authentication scheme is permitted, based on the time and day of approval.
  • In particular, the controller updates the time and day of approval when authentication processing in accordance with the second authentication scheme led to approval.
  • Preferably, when authentication processing in accordance with the second authentication scheme failed, the controller executes the first authentication scheme.
  • A method of controlling an information processing apparatus according to one aspect of the present invention includes the steps of displaying an authentication screen and performing authentication processing in accordance with at least one of a first authentication scheme and a second authentication scheme more simplified than the first authentication scheme, in response to a user's input instruction on the authentication screen. In the step of performing authentication processing, when authentication processing in accordance with the first authentication scheme led to approval in response to the user's input instruction, the second authentication scheme is executed in next authentication processing.
  • A recording medium recording a control program executed in a computer representing an information processing apparatus according to one aspect of the present invention is provided, and the control program causes a computer to perform processing including the steps of displaying an authentication screen and performing authentication processing in accordance with at least one of a first authentication scheme and a second authentication scheme more simplified than the first authentication scheme, in response to a user's input instruction on the authentication screen, and in the step of performing authentication processing, when authentication processing in accordance with the first authentication scheme led to approval in response to the user's input instruction, the second authentication scheme is executed in next authentication processing.
  • The foregoing and other objects, features, aspects and advantages of the present invention will become more apparent from the following detailed description of the present invention when taken in conjunction with the accompanying drawings.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a diagram illustrating an information processing system 1 according to a first embodiment of the present invention.
  • FIG. 2 is a diagram illustrating a schematic block diagram of an MFP 20 according to the first embodiment of the present invention.
  • FIG. 3 is a diagram illustrating a schematic block diagram of a PC 100 according to the first embodiment of the present invention.
  • FIG. 4 is a flowchart illustrating print setting processing in PC 100 according to the first embodiment of the present invention.
  • FIG. 5 is a diagram illustrating a print setting screen 40 displayed on a display 206 by starting up a printer driver.
  • FIG. 6 is a diagram illustrating a screen 124 for registering authentication information in carrying out secure printing.
  • FIG. 7 is a diagram illustrating a functional block in an authentication processing unit 4 according to the first embodiment of the present invention.
  • FIG. 8 is a diagram illustrating an authentication table stored in an authentication data storage unit 36.
  • FIG. 9 is a flowchart illustrating secure printing processing in MFP 20 according to the first embodiment of the present invention.
  • FIG. 10 is a diagram illustrating an exemplary processing screen in secure printing according to the first embodiment of the present invention.
  • FIG. 11 is a flowchart illustrating password authentication processing in step S30.
  • FIG. 12 is a diagram illustrating a flow of processing in registration in the authentication table according to the first embodiment of the present invention when password authentication processing is performed.
  • FIG. 13 is a flowchart illustrating a flow of password image authentication processing.
  • FIG. 14 is a diagram illustrating a screen for password image authentication processing according to the first embodiment of the present invention.
  • FIG. 15 is a diagram illustrating a flow of processing in registration in the authentication table according to the first embodiment of the present invention when password image authentication processing is performed.
  • FIG. 16 is a flowchart illustrating a variation of authentication processing in MFP 20 according to the first embodiment of the present invention.
  • FIG. 17 is a flowchart illustrating a variation of password authentication processing in MFP 20 according to the first embodiment of the present invention.
  • FIG. 18 is a diagram illustrating a screen for password image authentication processing according to a variation of the first embodiment of the present invention.
  • FIG. 19 is a diagram illustrating a schematic block diagram of a PC 110 according to a second embodiment of the present invention.
  • FIG. 20 is a diagram illustrating a functional block in an authentication processing unit 208 according to the second embodiment of the present invention.
  • FIG. 21 is a flowchart illustrating processing for setting a user account according to the second embodiment of the present invention.
  • FIG. 22 is a diagram illustrating a user account setting screen 500.
  • FIG. 23 is a flowchart illustrating authentication processing in PC 110 according to the second embodiment of the present invention.
  • FIG. 24 is a diagram illustrating an exemplary screen for authentication processing according to the second embodiment of the present invention.
  • FIG. 25 is a flowchart illustrating password authentication processing in step S72.
  • FIG. 26 is a diagram illustrating a flow of processing in registration in an authentication table according to the second embodiment of the present invention when password authentication processing is performed.
  • FIG. 27 is a flowchart illustrating a flow of password image authentication processing.
  • FIG. 28 is a diagram illustrating a screen for password image authentication processing according to the second embodiment of the present invention.
  • FIG. 29 is a diagram illustrating a flow of processing in registration in the authentication table according to the second embodiment of the present invention when password image authentication processing is performed.
  • FIG. 30 is a diagram illustrating a functional block in an authentication processing unit 208# according to a third embodiment of the present invention.
  • FIG. 31 is a diagram illustrating user account setting screen 500.
  • FIG. 32 is a flowchart illustrating authentication processing in a PC according to the third embodiment of the present invention.
  • FIG. 33 is a diagram illustrating an exemplary screen for authentication processing according to the third embodiment of the present invention.
  • FIG. 34 is a flowchart illustrating password authentication processing in accordance with a first scheme in step S102.
  • FIG. 35 is a diagram illustrating a flow of processing in registration in an authentication table according to the third embodiment of the present invention when password authentication processing is performed.
  • FIG. 36 is a flowchart illustrating a flow of password authentication processing in accordance with a second scheme.
  • FIG. 37 is a diagram illustrating a screen for password authentication processing according to the third embodiment of the present invention.
  • FIG. 38 is a diagram illustrating a flow of processing in registration in the authentication table according to the third embodiment of the present invention when second password authentication processing is performed.
  • DESCRIPTION OF THE PREFERRED EMBODIMENTS
  • An embodiment of the present invention will be described hereinafter in detail with reference to the drawings. In the drawings, the same or corresponding elements have the same reference characters allotted, and description thereof will not be repeated.
  • First Embodiment
  • An information processing system 1 according to a first embodiment of the present invention will be described with reference to FIG. 1.
  • Referring to FIG. 1, here, a case where a personal computer (hereinafter simply also referred to as a PC) 100 representing a terminal device and an MFP 20 are connected to each other through a LAN (Local Area Network) 17 is shown.
  • PC 100 and MFP 20 are connected to each other so that data can be transmitted and received through LAN 17, and in the present first embodiment, image data created on an application executed on PC 100 is output as a print job to MFP 20, A case where MFP 20 receives a print job transmitted from PC 100 and performs printing processing will be described.
  • Though a configuration where a single PC is connected as a terminal device to LAN 17 is described here, the number of devices is not limited to one and at least one device is only necessary. In addition, WAN (Wide Area Network) and the like may be employed, without limited to LAN.
  • A schematic block diagram of MFP 20 according to the first embodiment of the present invention will be described with reference to FIG. 2.
  • Referring to FIG. 2, MFP 20 according to the first embodiment of the present invention includes an HDD 2, an authentication processing unit 4, a ROM 6, a RAM 8, a CPU 10, a network card 12, a FAX modem 14, a scanner 16, a printer 18, and a control panel 19. These components are connected to one another through an internal bus and data can be transmitted and received thereamong.
  • HDD 2 is an area for storing various types of data.
  • Authentication processing unit 4 is a part executing authentication processing which will be described later.
  • ROM (Read Only Memory) 6 is a storage area in which a software program used for attaining a prescribed function in MFP 20 is stored.
  • RAM (Random Access Memory) 8 is used as a work area of CPU 10.
  • CPU 10 controls the entire MFP 20 and outputs a prescribed instruction to each component.
  • Network card 12 is an interface connected to external LAN 17, and for example, it receives a print job from PC 100. The received print job is stored in RAM 8. Then, print data (rendering data) included in the print job stored in RAM 8 is developed so that print data is printed on a prescribed sheet of paper.
  • FAX modem 14 performs a FAX function.
  • Scanner 16 reads a document set on a not-shown carrier and obtains image data.
  • Printer 18 prints image data on a prescribed sheet of paper.
  • Control panel 19 accepts user's various operation inputs and displays various types of setting information thereon.
  • A schematic block diagram of PC 100 according to the first embodiment of the present invention will be described with reference to FIG. 3.
  • Referring to FIG. 3, PC 100 according to the embodiment of the present invention is constituted of a main body portion, display means, and input means.
  • The display means corresponds to a display 206. In addition, an input portion 209 is implemented by a keyboard serving as key input means, a mouse representing a pointing device, or the like.
  • Though the description will be given in the present embodiment assuming that display 206 and input portion 209 are integrally formed, they may separately be formed.
  • Display 206 may be a liquid crystal display device, a CRT (Cathode Ray Tube) display device or a plasma display device, and any device capable of display may be employed.
  • The main body portion includes a CPU (Central Processing Unit) 201 for executing various programs including an operating system (OS), a RAM 212 for temporarily storing data necessary for execution of a program portion of CPU 201, a hard disk portion (HDD: Hard Disk Drive) 211 for storing a program executed by CPU 201 or data in a non-volatile manner, and a ROM 213 for storing in advance a program executed by CPU 201. ROM 213 or HDD 211 stores basic software (OS) in advance and various applications are executed by execution of the OS.
  • In addition, HDD 211 stores a printer driver which is a software program for transmitting a print job to MFP 20, and a function as will be described later is attained as a result of reading of the printer driver by CPU 201.
  • Such a program is read from a flexible disc 317 a, a CD-ROM (Compact Disc-Read Only Memory) 315 a or the like by an FD drive 217 or a CD-ROM drive 215. Then, the read program is stored in HDD 211 for use.
  • CPU 201 receives a user's instruction through input portion 209 and outputs a screen output generated by execution of a program to a display control unit 205.
  • Display control unit 205 outputs a screen output to display 206.
  • In addition, CPU 201 transmits a print job to MFP 20 connected to LAN 17 (or WAN or the like) through a network interface card (NIC) 207 implemented by a LAN card or the like.
  • The components described above transmit and receive data through an internal bus 203 among one another.
  • Print setting processing in PC 100 according to the first embodiment of the present invention will be described with reference to FIG. 4.
  • Referring to FIG. 4, initially, whether a printer driver has been started up or not is determined (step S2).
  • Specifically, CPU 201 determines whether or not an instruction to start up a printer driver has been issued through a mouse, a keyboard, or the like. When it is determined that the printer driver has been started up, a print setting screen is displayed (step S3).
  • A print setting screen 40 displayed on display 206 by starting up a printer driver will be described with reference to FIG. 5.
  • Referring to FIG. 5, in print setting screen 40, a plurality of setting items of various types relating to setting of a print environment can be set. Specifically, for example, by designating a plurality of tabs categorized for each setting item and provided in an upper portion by using a mouse representing a pointing device, a keyboard or the like, setting relating to various print environments can be made.
  • By designating various types of tabs, setting items or the like with a mouse or the like, for example, printing paper can be selected, or image quality, the number of copies or the like can be set.
  • In the present embodiment, various types of setting items in a case where a “basic setting” tab relating to basic setting was designated are displayed by way of example.
  • For example, an item for setting an orientation of a document and a size of a document is provided by way of example. In addition, an item button 116 relating to setting of an output method is shown. By designating item button 116, the user can perform an operation for changing setting for various output methods such as “normal printing”, “secure printing” and the like, for example, by using a pull-down menu.
  • In the present first embodiment, a case where secure printing is set as the setting item for the output method by using a mouse representing a pointing device will be described.
  • Unlike normal printing, “secure” printing is a function for allowing print output of image data included in a print job when authentication information such as a password is set in transmission of a print job and a password is entered through a panel on MFP 20 and then checked. With this function, such a problem that the print job is executed, print output is made but the output is left, leading to leakage of contents, can be avoided.
  • Here, in a lower region of print setting screen 40, an “apply” item button is provided. As the user designates an apply button 122 using a mouse or the like representing a pointing device, the set content, that is, secure printing in the present embodiment, is set.
  • Referring again to FIG. 4, whether a secure printing function has been selected or not is then determined (step S4). Specifically, CPU 20 can make determination based on whether or not secure printing has been designated as a setting item for the output method on print setting screen 40 by using the mouse.
  • When it is determined in step S4 that the secure printing function has been selected (YES in step S4), CPU 20 then has a registration screen displayed (step S5).
  • A screen 124 for registering authentication information in carrying out secure printing will be described with reference to FIG. 6.
  • Referring to FIG. 6, here, a case where input fields 126 and 128 for entering a user ID and a password to be registered as authentication information used in execution of secure printing are provided is shown.
  • As described above, registration screen 124 is displayed by designating apply button 122 in print setting screen 40 in FIG. 5.
  • A user ID can be entered in input field 126 by using a keyboard or the like, and a password can be entered in input field 128 by using a keyboard or the like.
  • Here, in a lower region of registration screen 124, a “set” item button is provided. As the user designates a set button 130 by using a mouse or the like representing a pointing device, setting as authentication information in secure printing is made.
  • On the other hand, by designating a “cancel” button 132, the process can end without setting authentication information in the registration screen for secure printing.
  • Referring again to FIG. 4, then, whether a user ID and a password have been entered or not is determined (step S6). Specifically, determination is made based on whether or not input was made in input fields 126 and 128 and the “set” item button was designated in the registration screen.
  • When it is determined in step S6 that the user ID and the password were entered (YES in step S6), CPU 201 then sets authentication information (step S7).
  • Thereafter, whether a print job has been transmitted or not is determined (step S8).
  • Specifically, determination is made based on whether or not the user designated an OK button 120 by using a mouse or the like representing a pointing device in print setting screen 40 in FIG. 5. When the OK button was designated, a print job is transmitted from PC 100 to MFP 20 and the process ends (end).
  • In the first embodiment of the present invention, an authentication scheme convenient for the user in a case where a secure printing job is transmitted from PC 100 to MFP 20 a plurality of times will be described.
  • Briefly speaking, in authentication for the first time, password authentication is carried out, and subsequently, in next authentication, password image authentication is carried out.
  • A functional block in authentication processing unit 4 according to the first embodiment of the present invention will be described with reference to FIG. 7.
  • Referring to FIG. 7, authentication processing unit 4 includes an authentication method selection unit 30, a password authentication unit 32, a password image authentication unit 34, an authentication data storage unit 36, and a password image setting unit 38.
  • Authentication method selection unit 30 selects between authentication processing using password authentication unit 32 and authentication processing using password image authentication unit 34.
  • Password authentication unit 32 carries out password authentication in accordance with a user's input instruction.
  • Password image authentication unit 34 carries out image authentication in accordance with a user's input instruction.
  • Authentication data storage unit 36 has an authentication table in which authentication data to be used for authentication is stored.
  • Though the description will be given later, password image setting unit 38 sets an image to be used in password image authentication unit 34.
  • The authentication table stored in authentication data storage unit 36 will be described with reference to FIG. 8.
  • Referring to FIG. 8, a table in which a user ID, a password, ON or OFF of a function to authenticate password image, and an authentication time are registered is shown.
  • Specifically, a case where “Alice”, “Bob”, “Charlie”, “David”, “Erik”, and “Fred” are registered as user IDs is shown.
  • A case where a password “Ow8gcA”, a password image “none”, ON or OFF of password image authentication function “OFF”, and an authentication time “08/12/14 17:03:15” are registered in correspondence with the user ID “Alice” is shown by way of example. Though the description will be given later, ON or OFF of the password image authentication function is a flag for determining whether or not to carry out password image authentication. In addition, though the description will be given later, the authentication time is used for determining lapse of time since previous authentication.
  • In addition, a case where a password “wQ9DspX”, a password image “YES (an image object 310 in FIG. 10)”, ON or OFF of password image authentication function “ON”, and an authentication time “09/1/7 11:20:34” are registered in correspondence with the user ID “Bob” is shown by way of another example.
  • Secure printing processing in MFP 20 according to the first embodiment of the present invention will be described with reference to FIG. 9.
  • Referring to FIG. 9, initially, CPU 10 determines whether secure printing has been selected or not. Whether or not secure printing has been selected by performing a prescribed operation of a not-shown operation key provided in control panel 19 is determined (step S12).
  • Then, when it is determined that secure printing has been selected (YES in step S12), an ID selection screen is displayed (step S14). Specifically, authentication method selection unit 30 described with reference to FIG. 7 reads the authentication table stored in authentication data storage unit 36 and causes the registered ID(s) to be displayed on control panel 19 as the ID selection screen.
  • An exemplary processing screen in secure printing according to the first embodiment of the present invention will be described with reference to FIG. 10.
  • FIG. 10(A) is a diagram illustrating an exemplary ID selection screen 300 according to the first embodiment of the present invention.
  • Referring to FIG. 10(A), here, a case where six registered IDs are displayed is shown. The user designates an item corresponding to his/her own ID (the user name in the present embodiment) through a touch panel.
  • Here, a case where an item 302 of the registered ID displayed as “Bob” representing the user name is provided is shown by way of example, and a case where “Bob” is designated will be described in the present embodiment.
  • Referring again to FIG. 9, thereafter, whether an ID has been selected or not is determined (step S16). Specifically, authentication method selection unit 30 determines whether or not an item corresponding to an ID has been designated in the ID selection screen described above.
  • Thereafter, when it is determined that an ID has been selected (YES in step S16), whether a secure printing job is present or not is determined (step S18). Specifically, authentication method selection unit 30 determines whether a secure printing job corresponding the designated ID stored in RAM 8 has been received or not.
  • Then, when authentication method selection unit 30 determines that a secure printing job is present (YES in step S18), authentication method selection unit 30 thereafter determines whether password matching is successfully achieved or not (step S19). Specifically, whether or not a password set as authentication information in the secure printing job matches with a password in the authentication table stored in authentication data storage unit 36 corresponding to the user ID selected as above is determined.
  • Then, when it is determined that the passwords match with each other (YES in step S19), whether or not the password image authentication function is ON or not is then determined (step S20). Specifically, authentication method selection unit 30 checks a flag indicating ON or OFF of the password image authentication function of the corresponding ID in the authentication table.
  • Then, when it is determined that the password image authentication function is ON (YES in step S20), whether the current time is within two hours from previous authentication or not is determined (step S22). Specifically, authentication method selection unit 30 determines whether the current time is within two hours from previous authentication or not based on comparison with the current time, by referring to the authentication time of the corresponding ID in the authentication table.
  • Then, when it is determined that the current time is within two hours from previous authentication (YES in step S22), password image authentication is carried out (step S26). Specifically, authentication method selection unit 30 instructs password image authentication unit 34 to carry out password image authentication. Password image authentication will be described later.
  • Meanwhile, when it is determined that an ID has not been selected (NO in step S16), the process ends (end). For example, when a Stop button or the like is pressed, the secure printing processing ends.
  • Meanwhile, when it is determined in step S18 that a secure printing job is not present for the selected ID (NO in step S18) as well, the process ends.
  • Meanwhile, when the passwords do not match with each other in step S19 (NO in step S19), the process proceeds to step S30.
  • When it is determined in step S20 that the password image authentication function is not ON, that is, it is OFF (NO in step S20), the process proceeds to step S30.
  • Meanwhile, when it is determined in step S22 that the current time is not within two hours from previous authentication (NO in step S22), the process proceeds to step S30. As a result of such processing, a validity period of a password image can be set to two hours and security can be ensured. Though the validity period is set to two hours by way of example in the present embodiment, the validity period is not particularly limited thereto and any period can be set in consideration of security. In addition, whether authentication is carried out within the same one day or not can also be determined, and determination based on whether or not a prescribed condition is satisfied with a past authentication time serving as history may be made.
  • Password authentication processing in step S30 will be described with reference to FIG. 11.
  • Referring to FIG. 11, initially, a password entry screen is displayed (step S40). Specifically, password authentication unit 32 causes control panel 19 to display a password entry screen in response to an instruction from authentication method selection unit 30.
  • FIG. 10(B) is a diagram illustrating an exemplary password entry screen 308 according to the first embodiment of the present invention.
  • Referring to FIG. 10(B), here, a case where an indication to enter password is shown and an input field 304 for entry of a password using a screen of a software keyboard is provided is shown. The user enters a password registered by the user himself/herself in input field 304, by using the screen of the software keyboard.
  • FIG. 10(C) shows a case where a password was entered in input field 304 by using the screen of the software keyboard.
  • Then, an enter button 306 is pressed. Password authentication processing is thus started.
  • Referring again to FIG. 11, thereafter, whether a password has been entered or not is determined (step S42). Specifically, password authentication unit 32 makes determination based on whether or not a password was entered in input field 304 and enter button 306 was pressed in password entry screen 308 above.
  • Then, when it is determined that a password was entered (YES in step S42), whether authentication is OK or not is thereafter determined (step S44). Specifically, password authentication unit 32 determines whether the password entered in input field 304 matches with the password registered in the authentication table or not. Then, when the passwords match with each other, authentication is determined as OK.
  • When authentication is determined as OK (YES in step S44), print output is carried out (step S45). Specifically, the secure printing job is carried out and image data included in the job is developed in printer 18 and printed on a sheet of paper.
  • Then, notification of approval is given (step S46). Specifically, password authentication unit 32 notifies CPU 10 of approval.
  • Thereafter, a password image is displayed (step S48). Password authentication unit 32 instructs password image setting unit 38 to set a password image. Password image setting unit 38 sets any one password image among a plurality of password images and outputs the password image to password authentication unit 32. Then, password authentication unit 32 causes control panel 19 to display the password image set by password image setting unit 38. It is noted that display of a password image may be turned off after display for a prescribed period of time, such as approximately one second, or it may be turned off at any timing desired by the user.
  • A case where a password image according to the first embodiment of the present invention is displayed will be described with reference to FIG. 10(D).
  • Referring to FIG. 10(D), here, a case where an indication as “approved” is given and image object 310 is displayed under the indication “your password image” is shown. The image object is registered as an authentication key to be used in password image authentication which will be described later.
  • Referring again to FIG. 11, thereafter, the password image and the authentication time are stored and password image authentication function is set to ON (step S50). Specifically, password authentication unit 32 has the displayed image object registered as the password image, has the time of approval registered as the authentication time, and has the password image authentication function registered as ON, in the item fields of the corresponding ID in the authentication table of authentication data storage unit 36. Then, the process ends (end).
  • Meanwhile, when it is determined in step S42 that a password was not entered (NO in step S42), notification that authentication failed is given (step S52).
  • Meanwhile, when authentication was NG in step S44 as well (NO in step S44), notification that authentication failed is given (step S52). Specifically, password authentication unit 32 notifies CPU 10 of failure in authentication. As a result of this processing, CPU 10 can ensure security by prohibiting use of a function of MFP 20 by the user who failed in authentication.
  • Then, the process ends (end).
  • FIG. 12 is a diagram illustrating a flow of processing in registration in the authentication table according to the first embodiment of the present invention when password authentication processing is performed.
  • Referring to FIG. 12(A), here, a case where a password “Ow8gcA”, a password image “none”, ON or OFF of password image authentication function “OFF”, and an authentication time “08/12/14 17:03:15” are registered in correspondence with the user ID “Alice” is shown.
  • Referring to FIG. 12(B), then, a case where a password “wQ9DspX”, a password image “YES (image object 310 in FIG. 10)”, ON or OFF of password authentication function “ON”, and an authentication time “09/1/7 11:20:34” are registered in correspondence with the user ID “Bob” is shown.
  • Image authentication processing which will be described later is performed in accordance with this registration processing. In the present embodiment, a case where a secure printing job is received a plurality of times is assumed.
  • A flow of password image authentication processing will be described with reference to FIG. 13.
  • Referring to FIG. 13, initially, a password image selection screen is displayed (step S41). Specifically, password image authentication unit 34 causes control panel 19 to display a password image selection screen in response to an instruction from authentication method selection unit 30.
  • A screen for password image authentication processing according to the first embodiment of the present invention will be described with reference to FIG. 14.
  • FIG. 14(A) shows exemplary ID selection screen 300 according to the first embodiment of the present invention, as in FIG. 10(A) above.
  • Referring to FIG. 14(A), here, a case where six registered IDs are displayed as described above is shown. The user designates an item corresponding to his/her own ID (the user name in the present embodiment) through a touch panel.
  • A case where item 302 of the registered ID displayed as “Bob” representing the user name is provided is shown by way of example, and a case where “Bob” is designated will be described in the present embodiment.
  • FIG. 14(B) is a diagram illustrating an exemplary password image selection screen 320 according to the first embodiment of the present invention.
  • Referring to FIG. 14(B), here, a plurality of image objects are displayed, and the user is invited to input his/her own password image that has been registered, from among the image objects. Then, the user inputs his/her own registered password image through the touch panel.
  • Then, as a result of input of the password image, password image authentication processing is started.
  • Referring again to FIG. 13, thereafter, whether a password image has been input or not is determined (step S43). Specifically, password image authentication unit 34 makes determination based on whether or not a password image has been input in password image selection screen 320 described above.
  • Then, when it is determined that a password image has been input (YES in step S43), whether authentication is OK or not is thereafter determined (step S44). Specifically, password image authentication unit 34 determines whether or not the input password image matches with the password image registered in the authentication table. Then, when the password images match with each other, authentication is determined as OK.
  • When authentication is determined as OK (YES in step S44), print output is carried out (step S45). Specifically, the secure printing job is carried out and image data included in the job is developed in printer 18 and printed on a sheet of paper.
  • Then, notification of approval is given (step S46). Specifically, password authentication unit 32 notifies CPU 10 of approval.
  • FIG. 14(C) is a diagram showing a case where authentication of a password image was successful.
  • Referring to FIG. 14(C), here, an indication as “approved” is shown.
  • With such an indication, the user is notified of approval.
  • According to such a configuration, security is ensured by password authentication processing, and in authentication for the second time, authentication can be carried out in a simplified manner by carrying out password image authentication, which contributes to user's convenience.
  • It is noted that a plurality of image objects displayed together with the registered password image above are provided in advance, however, any image object may be used. Alternatively, an image object is not limited to those provided in advance, and it may be obtained by downloading or through external registration by the user.
  • Referring again to FIG. 13, thereafter, the authentication time is updated and stored (step S47). Specifically, password image authentication unit 34 has the time of approval registered as the authentication time in the item field of the corresponding ID in the authentication table. Namely, the authentication time is updated. Then, the process ends (end). By updating the authentication time, the validity period of the password image can be re-started.
  • Meanwhile, when it is determined in step S44 that authentication was NG as well (NO in step S44), notification that authentication failed is given (step S52). Specifically, password image authentication unit 34 notifies CPU 10 of failure in authentication. As a result of this processing, CPU 10 can ensure security by prohibiting use of a function of MFP 20 by the user who failed in authentication.
  • Thereafter, password image information is erased (step S53). Specifically, password image authentication unit 34 instructs authentication data storage unit 36 to erase password image information. Since password image authentication is a simplified authentication processing scheme, if a password image is valid even after failure in authentication, a malicious third party may find out the password image.
  • FIG. 15 is a diagram illustrating a flow of processing in registration in the authentication table according to the first embodiment of the present invention when password image authentication processing is performed.
  • Referring to FIG. 15(A), here, a case where a password “OwSgcA”, a password image “none”, ON or OFF of password image authentication function “OFF”, and an authentication time “08/12/14 17:03:15” are registered in correspondence with the user ID “Alice” is shown. In addition, a case where a password “wQ9DspX”, a password image “YES (image object 310 in FIG. 10)”, ON or OFF of password authentication function “ON”, and an authentication time “09/1/7 11:20:34” are registered in correspondence with the user ID “Bob” is shown.
  • A case where password image authentication processing is performed for this user ID “Bob” will be described.
  • Referring to FIG. 15(B), here, a case where information in the authentication table is updated when authentication was OK is shown.
  • FIG. 15(B) is different from FIG. 15(A) in that the authentication time is registered as “09/1/7 11:35:14” in correspondence with the user ID “Bob”, but it is otherwise the same.
  • Referring to FIG. 15(C), here, a case where information in the authentication table is updated when authentication was NG is shown. Specifically, a case where the password image corresponding to the user ID “Bob” has been erased, the flag indicating ON or OFF of the password image authentication function has been set to OFF, and the authentication time has been erased is shown.
  • As a result of this processing, when authentication processing is performed again, only password authentication is valid and thus security can be enhanced by this processing.
  • In connection with the flowchart in FIG. 13 above, a case that, in the event of failure in authentication of a password image or the like, CPU 10 is notified of failure in authentication and password image information is erased has been described. Meanwhile, a rightful user may forget the registered password image and fail in authentication. In such a case, password authentication can also be carried out again.
  • A variation of authentication processing in MFP 20 according to the first embodiment of the present invention will be described with reference to FIG. 16.
  • Referring to FIG. 16, FIG. 16 is different from the flowchart in FIG. 13 in performing steps S30 and S53 instead of steps S52 and S53.
  • Specifically, when a password image was not input in step S43 or when authentication was NG in step S44, password image information is erased (step S53). Specifically, password image authentication unit 34 instructs authentication data storage unit 36 to erase password image information. Since password image authentication is a simplified authentication processing scheme, if a password image is valid even after failure in authentication, a malicious third party may find out the password image.
  • Thereafter, password authentication is carried out (step S30). Then, the process ends.
  • Password authentication is the same as described with reference to the flowchart in FIG. 11. Here, when password authentication is successful, a new password image can be registered by setting and registering the password image again, which contributes to user's convenience.
  • In addition, a case where password image setting unit 38 sets any one password image from among a plurality of images has been described above, however, the user may set a password image based on his/her intention.
  • FIG. 17 illustrates a variation of password authentication processing in MFP 20 according to the first embodiment of the present invention.
  • Referring to FIG. 17, FIG. 17 is different from the flowchart in FIG. 11 in processing in step S46 and subsequent steps. Specifically, after authentication was successful, a password image setting screen is then displayed (step S54). Password authentication unit 32 requires password image setting unit 38 of a plurality of password images that can be set. Password image setting unit 38 outputs a plurality of password images that can be set to password authentication unit 32. Then, password authentication unit 32 causes control panel 19 to display the plurality of password images that can be set, output from password image setting unit 38.
  • Then, whether a password image has been selected or not is determined (step S56). Specifically, password authentication unit 32 determines whether or not a user's instruction to input a password image has been given in the password image setting screen.
  • Then, when a password image has been selected (YES in step S56), the selected password image and the authentication time are stored and the password image authentication function is set to ON (step S57). Specifically, password authentication unit 32 has the selected image object registered as the password image, has the time of approval registered as the authentication time, and has the password image authentication function registered as ON, in the item fields of the corresponding ID in the authentication table of authentication data storage unit 36. Then, the process ends (end).
  • Meanwhile, when a password image was not selected (NO in step S56), password authentication unit 32 does not have a password image and an authentication time stored in the authentication table of authentication data storage unit 36 and sets the password image authentication function to OFF (step S58).
  • A screen for password image authentication processing according to the variation of the first embodiment of the present invention will be described with reference to FIG. 18.
  • Referring to FIG. 18(A), here, a case where six registered IDs are displayed as described above is shown. The user designates an item corresponding to his/her own ID (the user name in the present embodiment) through a touch panel.
  • A case where item 302 of the registered ID displayed as “Bob” representing the user name is provided is shown by way of example, and a case where “Bob” is designated will be described in the present embodiment.
  • Referring to FIG. 18(B), this is a diagram illustrating exemplary password entry screen 308 as described above. Here, a case where an indication to enter password is shown and input field 304 for entry of a password using a screen of a software keyboard is provided is shown. The user enters a password registered by the user himself/herself in input field 304, by using the screen of the software keyboard. Then, the password is entered in input field 304 with the use of the screen of the software keyboard and enter button 306 is pressed. Password authentication processing is thus started.
  • Referring to FIG. 18(C), here, a case where an indication that “Approved. Decide on your password image.” is shown and a plurality of object images that can be registered are displayed is shown.
  • The user can decide on a password image based on his/her intention, from among the object images.
  • Then, the image object decided (designated) as the password image is registered as an authentication key to be used in password image authentication which will be described later.
  • According to such a configuration, since the user can decide on any password image, a user's preferred image can be set and convenience is improved.
  • Here, by selecting a “cancel” button 331, password authentication unit 32 does not have a password image and an authentication time stored in the authentication table of authentication data storage unit 36 and sets the password image authentication function to OFF. According to this configuration, when the user does not wish to use a password image, he/she can set that function to OFF, which contributes to improvement in user's convenience.
  • It is noted that the password image authentication function can also be set to OFF by providing “cancel” button 331 and selecting that button also in FIG. 10(D).
  • Though a case where a password image is presented after password authentication was successful has been described in the present embodiment, a password image may also be presented prior to password authentication, for example, at the time of setting of a password. In this case, authentication using a password image should only be validated at the time when password authentication was successful.
  • Second Embodiment
  • A case where password image authentication is carried out in executing a secure printing job in MFP 20 has been described above.
  • On the other hand, similar password image authentication can be carried out also in a PC.
  • A schematic block diagram of a PC 110 according to a second embodiment of the present invention will be described with reference to FIG. 19.
  • Referring to FIG. 19, PC 110 according to the embodiment of the present invention is substantially the same as PC 100 described with reference to FIG. 3, however, it is different in further including an authentication processing unit 208. Since the PC is otherwise the same, detailed description thereof will not be repeated.
  • It is noted that an OS (Operating System) (for example, Windows®) for performing basic functions in PC 110 is stored in ROM 213 or HDD 211 in the present embodiment and a software program for performing various types of processing is executed by starting up the OS stored in ROM 213 or HDD 211. In addition, a software program having what is called a screen saver function for protecting a screen while an input operation is not performed for a certain period of time is stored in ROM 213 or HDD 211 and a security function is provided as an additional function of the screen saver. Specifically, in returning from the screen saver function, authentication processing by authentication processing unit 208 is performed.
  • PC 110 according to the second embodiment of the present invention performs authentication processing at the time of turn-on of power for boot-up and at the time of returning from the screen saver function.
  • An authentication scheme in PC 110 highly convenient for the user will be described hereinafter in the second embodiment of the present invention.
  • Briefly speaking, in authentication for the first time, password authentication is carried out, and subsequently, any of password image authentication and password authentication is carried out.
  • A functional block in authentication processing unit 208 according to the second embodiment of the present invention will be described with reference to FIG. 20.
  • Referring to FIG. 20, authentication processing unit 208 includes a user account setting unit 402, an authentication method selection unit 404, a password authentication unit 406, a password image authentication unit 408, an authentication data storage unit 410, and a password image setting unit 412.
  • User account setting unit 402 performs processing for setting a user account.
  • Authentication method selection unit 404 selects between authentication processing using password authentication unit 406 and authentication processing using password image authentication unit 408.
  • Password authentication unit 406 carries out password authentication in accordance with a user's input instruction.
  • Password image authentication unit 408 carries out image authentication in accordance with a user's input instruction.
  • Authentication data storage unit 410 has an authentication table in which authentication data to be used for authentication is stored.
  • Though the description will be given later, password image setting unit 412 sets an image to be used in password image authentication unit 408.
  • Initially, processing for setting a user account for registration of authentication information will be described.
  • Processing for setting a user account according to the second embodiment of the present invention will be described with reference to FIG. 21.
  • Referring to FIG. 21, whether an instruction to set a user account has been issued or not is determined (S200).
  • Specifically, CPU 201 determines whether or not start-up of a user account setting program for registration of a user who uses PC 110 has been indicated in response to an input instruction through input portion 209 such as a mouse representing a pointing device. The user account setting program is stored, for example, in ROM 213 and started up in response to a prescribed instruction. For example, the program may be started up by designation of an icon provided in display 206.
  • When CPU 201 determines that an instruction to set a user account has been issued (YES in step S200), authentication processing unit 208 is started up. Then, user account setting unit 402 has a user account setting screen displayed (step S202).
  • A user account setting screen 500 will be described with reference to FIG. 22.
  • Referring to FIG. 22, here, a case where input fields 502 and 504 for entering a user ID and a password to be registered are provided in user account setting screen 500 is shown.
  • A user ID can be entered in input field 502 by using a keyboard or the like, and a password can be entered in input field 504 by using a keyboard or the like.
  • Here, in a lower region of user account setting screen 500, an “OK” item button 506 is provided. As the user designates OK button 506 by using a mouse or the like representing a pointing device, a user ID and a password representing account information can be set.
  • On the other hand, by designating a “Cancel” button 508, user account setting processing can end.
  • Referring again to FIG. 21, whether input for setting has been made or not is determined (step S204). Specifically, user account setting unit 402 determines whether or not a user ID and a password were entered and “OK” button 506 was pressed in the user account setting screen.
  • When it is determined in step S204 that input for setting has been made (YES in step S204), account information is registered (step S206). Specifically, user account setting unit 402 has the user ID and the password representing the account information registered in the authentication table of authentication data storage unit 410.
  • Then, the process ends (end).
  • Meanwhile, when it is determined in step S204 that input for setting was not made (NO in step S204), account information setting processing ends (end).
  • In the present embodiment, description will be given assuming that the user ID and the password are set in the user account setting screen above.
  • The authentication table stored in authentication data storage unit 410 is substantially the same as that described with reference to FIG. 8, however, an item of ON or OFF of the password image authentication function is not provided. Items of a user ID, a password, a password image, and an authentication time are provided. Since the authentication table is otherwise the same, detailed description thereof will not be repeated.
  • Authentication processing in PC 110 according to the second embodiment of the present invention will be described with reference to FIG. 23.
  • Referring to FIG. 23, initially, whether the PC has been started up or not is determined (step S60). Specifically, determination that the PC has been started up is made when power is turned on by using a not-shown power button. In addition, start-up of the PC includes returning from the screen saver after start-up thereof in the absence of an operation of PC 110 for a certain period of time.
  • When the PC is started up, CPU 201 starts up authentication processing unit 208 in PC 110 and performs authentication processing.
  • Thereafter, an ID selection screen is displayed (step S61). Specifically, authentication method selection unit 404 described with reference to FIG. 20 reads the authentication table stored in authentication data storage unit 410 and causes the registered ID(s) to be displayed on display 206 as the ID selection screen under the control of display control unit 205.
  • An exemplary screen for authentication processing according to the second embodiment of the present invention will be described with reference to FIG. 24.
  • FIG. 24(A) is a diagram illustrating an exemplary ID selection screen 602 according to the second embodiment of the present invention.
  • Referring to FIG. 24(A), here, a case where four registered IDs are displayed is shown. The user designates an item corresponding to his/her own ID (the user name in the present embodiment) using a mouse or the like representing a pointing device.
  • Here, a case where an item 604 of the registered ID displayed as “Bob” representing the user name is provided is shown by way of example, and a case where “Bob” is designated will be described in the present embodiment.
  • Referring again to FIG. 23, thereafter, whether an ID has been selected or not is determined (step S62). Specifically, authentication method selection unit 404 determines whether or not an item corresponding to an ID has been designated in the ID selection screen described above.
  • Thereafter, when it is determined that an ID has been selected (YES in step S62), whether or not a password image is set and the authentication time indicates a time within the same day (step S64). Specifically, authentication method selection unit 404 reads the authentication table stored in authentication data storage unit 410 and determines whether or not the authentication time indicates a time within the same day if the authentication time has been registered for the corresponding ID.
  • Then, when authentication method selection unit 404 determines that the password image is set and the authentication time indicates a time within the same day (YES in step S64), authentication method selection unit 404 thereafter determines whether the current time is within ten minutes from start-up of the screen saver or not (step S66). Specifically, authentication method selection unit 404 determines whether the current time is within ten minutes or not based on comparison between the time of start-up of the screen saver and the current time.
  • When it is determined in step S66 that the current time is within ten minutes from start-up of the screen saver (step S66), password image authentication is carried out (step S68). Specifically, authentication method selection unit 404 instructs password image authentication unit 408 to carry out password image authentication when the current time is within ten minutes from start-up of the screen saver. Password image authentication will be described later.
  • Meanwhile, when it is determined that an ID has not been selected (NO in step S62), the authentication processing ends (end). For example, though not shown, authentication processing ends when “cancel” or the like is pressed. In such a case, PC 110 is set to be unusable.
  • Meanwhile, when it is determined in step S64 that a password image is set but the authentication time does not indicate a time within the same day (NO in step S64), the process proceeds to step S72. Specifically, authentication method selection unit 404 instructs password authentication unit 406 to carry out password authentication. When the authentication time does not indicate a time within the same day, password authentication is carried out in order to ensure security. Password authentication will be described later.
  • Meanwhile, when it is determined in step S66 that the current time is not within ten minutes from start-up of the screen saver (NO in step S66), the process proceeds to step S72. Specifically, authentication method selection unit 404 instructs password authentication unit 406 to carry out password authentication. When the current time is not within ten minutes from start-up of the screen saver, password authentication is carried out in order to ensure security. For example, since the screen saver is not started up at the time of turn-on of power for boot-up, password authentication is carried out.
  • Password authentication processing in step 572 will be described with reference to FIG. 25.
  • Referring to FIG. 25, initially, a password entry screen is displayed (step S110). Specifically, password authentication unit 406 causes display 206 to display a password entry screen in response to an instruction from authentication method selection unit 404.
  • FIG. 24(B) is a diagram illustrating an exemplary password entry screen according to the second embodiment of the present invention.
  • Referring to FIG. 24(B), here, a case where an indication to enter password is shown and an input field 606 for entry of a password is provided is shown. The user enters a password registered by the user himself/herself in input field 606, by using a keyboard implementing input portion 209.
  • Then, an enter button 608 is pressed. Password authentication processing is thus started.
  • Referring again to FIG. 25, thereafter, whether a password has been entered or not is determined (step S112). Specifically, password authentication unit 406 makes determination based on whether or not a password was entered in input field 606 and enter button 608 was pressed in the aforementioned password entry screen.
  • Then, when it is determined that a password was entered (YES in step S112), whether authentication is OK or not is thereafter determined (step S114). Specifically, password authentication unit 406 determines whether the password entered in input field 606 matches with the password registered in the authentication table or not. Then, when the passwords match with each other, authentication is determined as OK.
  • When authentication is determined as OK (YES in step S114), log-in processing is thereafter performed (step S116). Specifically, password authentication unit 406 notifies CPU 10 of approval. PC 110 can thus be used. As described above, for example, when power is turned on for boot-up, the screen saver has not yet been started up and hence password authentication is carried out. Namely, when power is turned on for boot-up, security can be enhanced by having common password authentication carried out.
  • Thereafter, a password image is displayed (step S118). Password authentication unit 406 instructs password image setting unit 412 to set a password image. Password image setting unit 412 sets any one password image among a plurality of password images and outputs the password image to password authentication unit 406. Then, password authentication unit 406 causes display 206 to display the password image set by password image setting unit 412. It is noted that display of a password image may be turned off after display for a prescribed period of time, such as approximately one second, or it may be turned off at any timing desired by the user.
  • A case where a password image according to the second embodiment of the present invention is displayed will be described with reference to FIG. 24(C).
  • Referring to FIG. 24(C), here, a case where an indication as approved is shown and an image object 610 is displayed under the indication “your password image” is shown. The image object is registered as an authentication key to be used in password image authentication which will be described later.
  • Referring again to FIG. 25, thereafter, the password image and the authentication time are stored (step S120). Specifically, password authentication unit 406 has the displayed image object registered as the password image and has the time of approval registered as the authentication time, in the item fields of the corresponding ID in the authentication table of authentication data storage unit 410. Then, the process ends (end).
  • Meanwhile, when it is determined in step S114 that authentication was NG (NO in step S114), log-in is not permitted (step S122). As a result of this processing, security can be ensured by prohibiting use of a function of PC 110 by the user who failed in log-in.
  • FIG. 26 is a diagram illustrating a flow of processing in registration in the authentication table according to the second embodiment of the present invention when password authentication processing is performed.
  • Referring to FIG. 26(A), here, a case where a password “Ow8gcA”, a password image “none”, and an authentication time “08/12/14 17:03:15” are registered in correspondence with the user ID “Alice” is shown.
  • Referring to FIG. 26(B), then, a case where a password “wQ9DspX”, a password image “YES (image object 610 in FIG. 24)”, and an authentication time “09/1/7 11:20:34” are registered in correspondence with the user ID “Bob” is shown.
  • Image authentication processing which will be described later is performed in accordance with this registration processing.
  • A flow of password image authentication processing will be described with reference to FIG. 27.
  • Referring to FIG. 27, initially, a password image selection screen is displayed (step S80). Specifically, password image authentication unit 408 causes display 206 to display a password image selection screen in response to an instruction from authentication method selection unit 404.
  • A screen for password image authentication processing according to the second embodiment of the present invention will be described with reference to FIG. 28.
  • FIG. 28(A) shows exemplary ID selection screen 602 according to the second embodiment of the present invention, as in FIG. 24(A) above.
  • Referring to FIG. 28(A), here, a case where four registered IDs are displayed as described above is shown. The user designates an item corresponding to his/her own ID (the user name in the present embodiment) using a mouse representing a pointing device.
  • A case where item 604 of the registered ID displayed as “Bob” representing the user name is provided is shown by way of example, and a case where “Bob” is designated will be described in the present embodiment.
  • FIG. 28(B) is a diagram illustrating an exemplary password image selection screen 612 according to the second embodiment of the present invention.
  • Referring to FIG. 28(B), here, a plurality of image objects are displayed and the user is invited to input his/her own password image that has been registered, from among the image objects. Then, the user inputs his/her own registered password image using a mouse representing a pointing device. In the present embodiment, an image object 614 is designated by way of example.
  • Then, as a result of input of the password image, password image authentication processing is started.
  • Referring again to FIG. 27, thereafter, whether a password image has been input or not is determined (step S82). Specifically, password image authentication unit 408 makes determination based on whether or not a password image has been input in password image selection screen 612 described above. When a password image has not been input (NO in step S82), the process proceeds to step S87. Specifically, though not shown, such a case corresponds to designation of a “Cancel” button with a mouse or the like.
  • Then, when it is determined that a password image has been input (YES in step S82), whether authentication is OK or not is thereafter determined (step S84). Specifically, password image authentication unit 408 determines whether the input password image matches with the password image registered in the authentication table or not. Then, when the password images match with each other, authentication is determined as OK.
  • When authentication is determined as OK (YES in step S84), log-in processing is performed (step S85). Specifically, password image authentication unit 408 notifies CPU 10 of approval. PC 110 can thus be used.
  • FIG. 28(C) is a diagram showing a case where authentication of a password image was successful.
  • Referring to FIG. 28(C), here, an indication as “approved” is shown.
  • With such an indication, the user is notified of approval.
  • According to such a configuration, security is ensured by password authentication processing, and in authentication satisfying a prescribed condition, authentication can be carried out in a simplified manner by carrying out password image authentication, which contributes to user's convenience. Namely, in the present embodiment, when the current time is within ten minutes from start-up of the screen saver, password image authentication is carried out. Therefore, in returning after start-up of the screen saver, simplified authentication processing can be carried out by inputting a password image, so that burden imposed on the user, that is, necessity of repeated password authentication, can be alleviated and user's convenience can be improved.
  • Referring again to FIG. 27, thereafter, the authentication time is updated and stored (step S86). Specifically, password image authentication unit 408 has the time of approval registered as the authentication time in the item field of the corresponding ID in the authentication table. Namely, the authentication time is updated. Then, the process ends (end). By updating the authentication time, the validity period of the password image can be re-started.
  • Meanwhile, when it is determined in step S84 that authentication was NG (NO in step S84), password image information is erased (step S87). Since password image authentication is a simplified authentication processing scheme, if a password image is valid even after failure in authentication, a malicious third party may find out the password image.
  • Then, password authentication is carried out (step S72). As password authentication is the same as described with reference to FIG. 25, detailed description thereof will not be repeated.
  • Specifically, password authentication unit 406 carries out password authentication when authentication was NG, so that user's convenience can be improved.
  • FIG. 29 is a diagram illustrating a flow of processing in registration in the authentication table according to the second embodiment of the present invention when password image authentication processing is performed.
  • Referring to FIG. 29(A), here, a case where a password “Ow8gcA”, a password image “none”, and an authentication time “08/12/14 17:03:15” are registered in correspondence with the user ID “Alice” is shown. In addition, a case where a password “wQ9DspX”, a password image “YES (image object 610 in FIG. 24)”, and an authentication time “09/1/7 11:20:34” are registered in correspondence with the user ID “Bob” is shown.
  • A case where password image authentication processing is performed for this user ID “Bob” will be described.
  • Referring to FIG. 29(B), here, a case where information in the authentication table is updated when authentication was OK is shown.
  • FIG. 29(B) is different from FIG. 29(A) in that the authentication time is registered as “09/1/7 11:35:14” in correspondence with the user ID “Bob”, however, it is otherwise the same.
  • Referring to FIG. 29(C), here, a case where information in the authentication table is updated when authentication was NG is shown. Specifically, a case where the password image has been erased and the authentication time has been erased in correspondence with the user ID “Bob” is shown.
  • As a result of this processing, in performing authentication processing again, only password authentication is valid and thus security can be enhanced by this processing.
  • Password authentication is the same as described with reference to the flowchart in FIG. 25. Here, when password authentication is successful, a password image is set again and registered and thus a new password image can be registered, which contributes to user's convenience.
  • A case where password image setting unit 412 sets any one password image from among a plurality of images has been described above, however, the user may set a password image based on his/her intention.
  • Specifically, as described with reference to FIG. 14(B), any one password image may be selected from among a plurality of password images. According to such a configuration, since the user can decide on any password image, a user's preferred image can be set and convenience is improved.
  • Third Embodiment
  • A scheme with which authentication processing is performed in a simplified manner by using a password image has been described above.
  • In the present embodiment, a scheme with which authentication processing is performed in a simplified manner by using another scheme instead of a password image will be described.
  • A configuration of a PC according to a third embodiment of the present invention is the same as that of PC 110 described with reference to FIG. 19, however, it is different in that authentication processing unit 208 is replaced with an authentication processing unit 208#. Since the PC is otherwise the same, detailed description thereof will not be repeated.
  • As described above, the PC according to the third embodiment of the present invention performs authentication processing at the time of turn-on of power for boot-up and at the time of returning from the screen saver function.
  • A functional block in authentication processing unit 208# according to the third embodiment of the present invention will be described with reference to FIG. 30.
  • Referring to FIG. 30, authentication processing unit 208# includes user account setting unit 402, authentication method selection unit 404, a first password authentication unit 406#, a second password authentication unit 408#, authentication data storage unit 410, and a second password setting unit 413.
  • User account setting unit 402 performs processing for setting a user account.
  • Authentication method selection unit 404 selects between authentication processing using first password authentication unit 406# and authentication processing using second password authentication unit 408#.
  • First password authentication unit 406# carries out password authentication in accordance with a first scheme (also referred to as first password authentication) in accordance with a user's input instruction.
  • Second password authentication unit 408# carries out password authentication in accordance with a second scheme (also referred to as second password authentication) in accordance with a user's input instruction.
  • Authentication data storage unit 410 has an authentication table in which authentication data to be used for authentication is stored.
  • Though the description will be given later, second password setting unit 413 sets a password to be used in second password authentication unit 408#.
  • Since the setting processing in user account setting unit 402 is the same as described with reference to FIG. 22, detailed description thereof will not be repeated.
  • User account setting screen 500 will be described with reference to FIG. 31.
  • Referring to FIG. 31, user account setting screen 500 the same as in FIG. 22 is shown. Since the screen is the same as in FIG. 22, detailed description thereof will not be provided.
  • In the present embodiment, description will be given assuming that the user ID and the password are set in the user account setting screen above.
  • The authentication table stored in authentication data storage unit 410 is substantially the same as that described with reference to FIG. 8, however, an item of ON or OFF of the password image authentication function is not provided. Items of a user ID, a password, a simplified password, and an authentication time are provided. Since the authentication table is otherwise the same, detailed description thereof will not be repeated.
  • Authentication processing in the PC according to the third embodiment of the present invention will be described with reference to FIG. 32.
  • Referring to FIG. 32, initially, whether the PC has been started up or not is determined (step S60). Specifically, determination that the PC has been started up is made when power is turned on by using a not-shown power button. In addition, start-up of the PC includes returning from the screen saver after start up thereof in the absence of an operation of PC 110 for a prescribed period of time.
  • When the PC is started up, CPU 201 starts up authentication processing unit 208# in the PC and performs authentication processing.
  • Thereafter, an ID selection screen is displayed (step S61). Specifically, authentication method selection unit 404 described with reference to FIG. 30 reads the authentication table stored in authentication data storage unit 410 and causes the registered ID(s) to be displayed on display 206 as the ID selection screen under the control of display control unit 205.
  • An exemplary screen for authentication processing according to the third embodiment of the present invention will be described with reference to FIG. 33
  • FIG. 33(A) is a diagram illustrating exemplary ID selection screen 602 according to the third embodiment of the present invention.
  • Referring to FIG. 33(A), here, a case where four registered IDs are displayed is shown. The user designates an item corresponding to his/her own ID (the user name in the present embodiment) using a mouse or the like representing a pointing device.
  • Here, a case where item 604 of the registered ID displayed as “Bob” representing the user name is provided is shown by way of example, and a case where “Bob” is designated will be described in the present embodiment.
  • Referring again to FIG. 32, thereafter, whether an ID has been selected or not is determined (step S62). Specifically, authentication method selection unit 404 determines whether or not an item corresponding to an ID has been designated in the ID selection screen described above.
  • Thereafter, when it is determined that an ID has been selected (YES in step S62), whether or not a simplified password is set and the authentication time indicates a time within the same day (step S94). Specifically, authentication method selection unit 404 reads the authentication table stored in authentication data storage unit 410 and determines whether or not the authentication time indicates a time within the same day if the authentication time has been registered for the corresponding ID.
  • Then, when authentication method selection unit 404 determines that the simplified password is set and the authentication time indicates a time within the same day (YES in step S94), authentication method selection unit 404 thereafter determines whether the current time is within ten minutes from start-up of the screen saver or not (step S66). Specifically, authentication method selection unit 404 determines whether the current time is within ten minutes or not based on comparison between the time of start-up of the screen saver and the current time.
  • When it is determined in step S66 that the current time is within ten minutes from start-up of the screen saver (step S66), second password authentication is carried out (step S98). Specifically, authentication method selection unit 404 instructs second password authentication unit 408# to carry out password authentication in accordance with the second scheme. Password authentication in accordance with the second scheme will be described later.
  • Meanwhile, when it is determined that an ID has not been selected (NO in step S62), the authentication processing ends (end). For example, though not shown, authentication processing ends when “cancel” or the like is pressed. In such a case, the PC is set to be unusable.
  • Meanwhile, when it is determined in step S94 that a simplified password is set but the authentication time does not indicate a time within the same day (NO in step S94), the process proceeds to step S102. Specifically, authentication method selection unit 404 instructs first password authentication unit 406# to carry out password authentication in accordance with the first scheme. Password authentication in accordance with the first scheme will be described later.
  • Meanwhile, when it is determined in step S66 that the current time is not within ten minutes from start-up of the screen saver (NO in step S66), the process proceeds to step S102. Specifically, authentication method selection unit 404 instructs first password authentication unit 406# to carry out password authentication. For example, since the screen saver is not started up at the time of turn-on of power for boot-up, password authentication is carried out.
  • Password authentication processing in accordance with the first scheme in step S102 will be described with reference to FIG. 34.
  • Password authentication processing in accordance with the first scheme is authentication processing based on common comparison between passwords.
  • Referring to FIG. 34, initially, a password entry screen is displayed (step S110). Specifically, first password authentication unit 406# causes display 206 to display a password entry screen in response to an instruction from authentication method selection unit 404.
  • FIG. 33(B) is a diagram illustrating an exemplary password entry screen according to the third embodiment of the present invention.
  • Referring to FIG. 33(B), here, a case where an indication to enter password is shown and input field 606 for entry of a password is provided is shown. The user enters a password registered by the user himself/herself in input field 606, by using a keyboard implementing input portion 209.
  • Then, enter button 608 is pressed. Password authentication processing is thus started.
  • Referring again to FIG. 34, thereafter, whether a password has been entered or not is determined (step S112). Specifically, first password authentication unit 406# makes determination based on whether or not a password was entered in input field 606 and enter button 608 was pressed in the aforementioned password entry screen.
  • Then, when it is determined that a password was entered (YES in step S112), whether authentication is OK or not is thereafter determined (step S114). Specifically, first password authentication unit 406# determines whether the password entered in input field 606 matches with the password registered in the authentication table or not. Then, when the passwords match with each other, authentication is determined as OK.
  • When authentication is determined as OK (YES in step S114), log-in processing is thereafter performed (step S116). Specifically, first password authentication unit 406# notifies CPU 10 of approval. PC 110 can thus be used. As described above, for example, when power is turned on for boot-up, the screen saver has not yet been started up and hence password authentication is carried out. Namely, when power is turned on for boot-up, security can be enhanced by having common password authentication carried out.
  • Thereafter, a simplified password is displayed (step S117). First password authentication unit 406# instructs second password setting unit 413 to set a simplified password restricted in terms of the number of characters. Second password setting unit 413 sets a new, different password (simplified password) based on the registered password, under a prescribed rule. In the present embodiment, two characters at the beginning of the registered password are extracted by way of example.
  • Then, second password setting unit 413 extracts two characters at the beginning from the registered password, and sets and outputs a simplified password to first password authentication unit 406#. Then, first password authentication unit 406# causes display 206 to display the simplified password set by second password setting unit 413. It is noted that display of a simplified password may be turned off after display for a prescribed period of time, such as approximately one second, or it may be turned off at any timing desired by the user.
  • A case where a simplified password according to the third embodiment of the present invention is displayed will be described with reference to FIG. 33(C).
  • Referring to FIG. 33(C), here, a case where an indication as “approved” is shown and a password “wQ” 611 is displayed under the indication “your simplified password” is shown. The simplified password is registered as an authentication key to be used in password authentication in accordance with the second scheme which will be described later.
  • Referring again to FIG. 34, thereafter, the simplified password and the authentication time are stored (step S121). Specifically, first password authentication unit 406# has the displayed password registered as the simplified password and has the time of approval registered as the authentication time, in the item fields of the corresponding ID in the authentication table of authentication data storage unit 410. Then, the process ends (end).
  • Meanwhile, when it is determined in step S114 that authentication was NG (NO in step S114), log-in is not permitted (step S122). As a result of this processing, security can be ensured by prohibiting use of a function of PC 110 by the user who failed in log-in.
  • FIG. 35 is a diagram illustrating a flow of processing in registration in the authentication table according to the third embodiment of the present invention when password authentication processing is performed.
  • Referring to FIG. 35(A), here, a case where a password “Ow8gcA”, a simplified password “none”, and an authentication time “08/12/14 17:03:15” are registered in correspondence with the user ID “Alice” is shown.
  • Referring to FIG. 35(B), then, a case where a password “wQ9DspX”, a simplified password “wQ”, and an authentication time “09/1/7 11:20:34” are registered in correspondence with the user ID “Bob” is shown.
  • Password authentication processing in accordance with the second scheme which will be described later is performed in accordance with this registration processing.
  • A flow of password authentication processing in accordance with the second scheme will be described with reference to FIG. 36.
  • Referring to FIG. 36, initially, a password entry screen is displayed (step S111). Specifically, second password authentication unit 408# causes display 206 to display a password entry screen in response to an instruction from authentication method selection unit 404.
  • A screen for password authentication processing according to the third embodiment of the present invention will be described with reference to FIG. 37.
  • FIG. 37(A) shows exemplary ID selection screen 602 according to the third embodiment of the present invention, as in FIG. 24(A) above.
  • Referring to FIG. 37(A), here, a case where four registered IDs are displayed as described above is shown. The user designates an item corresponding to his/her own ID (the user name in the present embodiment) using a mouse representing a pointing device.
  • A case where item 604 of the registered ID displayed as “Bob” representing the user name is provided is shown by way of example, and a case where “Bob” is designated will be described in the present embodiment.
  • FIG. 37(B) is a diagram illustrating an exemplary password entry screen according to the third embodiment of the present invention.
  • Referring to FIG. 37(B), here, an indication that “Enter password. Simplified password may be accepted.” is shown and an input field 631 is provided. The user can enter a password registered by the user himself/herself or a simplified password in input field 631, by using a keyboard implementing input portion 209.
  • Then, an enter button 632 is pressed. Second password authentication processing is thus started.
  • Referring again to FIG. 36, thereafter, whether a password or a simplified password has been entered or not is determined (step S113). Specifically, second password authentication unit 408# makes determination based on whether or not a password or a simplified password has been entered in input field 631 and enter button 632 was pressed in the password entry screen described above. When entry into input field 631 was not made (NO in step S113), the process proceeds to step S89. Specifically, though not shown, such a case corresponds to designation of a “Cancel” button with a mouse or the like.
  • Then, when it is determined that a password has been input (YES in step S113), whether authentication is OK or not is thereafter determined (step S115). Specifically, second password authentication unit 408# determines whether the password or simplified password entered in input field 631 matches with the password or simplified password registered in the authentication table or not. Then, when the passwords match with each other, authentication is determined as OK.
  • When authentication is determined as OK (YES in step S115), log-in processing is performed (step S85). Specifically, second password authentication unit 408# notifies CPU 10 of approval. The PC can thus be used.
  • FIG. 37(C) is a diagram showing a case where second password authentication was successful.
  • Referring to FIG. 37(C), here, an indication as “approved” is shown.
  • With such an indication, the user is notified of approval.
  • According to such a configuration, security is ensured by first password authentication, and in authentication satisfying a prescribed condition, authentication can be carried out in a simplified manner by carrying out second password authentication, which contributes to user's convenience. Namely, in the present embodiment, when the current time is within ten minutes from start-up of the screen saver, second password authentication is carried out. Therefore, in returning after start-up of the screen saver, simplified authentication processing can be carried out by carrying out second password authentication, so that burden imposed on the user, that is, necessity of repeated first password authentication, can be alleviated and user's convenience can be improved.
  • Referring again to FIG. 36, thereafter, the authentication time is updated and stored (step S86). Specifically, second password authentication unit 408# has the time of approval registered as the authentication time in the item field of the corresponding ID in the authentication table. Namely, the authentication time is updated. Then, the process ends (end). By updating the authentication time, the validity period of the simplified password can be re-started.
  • Meanwhile, when it is determined in step S115 that authentication was NG (NO in step S115), simplified password information is erased (step S89). Since second password authentication using a simplified password is a simplified authentication processing scheme, if a simplified password is valid even after failure in authentication, a malicious third party may find out the simplified password.
  • Meanwhile, when it is determined in step S113 that a password was not entered (NO in step S113) and when it is determined in step S115 that authentication was NG (NO in step S115), log-in is not permitted (step S122). As a result of this processing, security can be ensured by prohibiting use of a function of PC 110 by the user who failed in log-in.
  • FIG. 38 is a diagram illustrating a flow of processing in registration in the authentication table according to the third embodiment of the present invention when second password authentication processing is performed.
  • Referring to FIG. 38(A), here, a case where a password “Ow8gcA”, a simplified password “none”, and an authentication time “08/12/14 17:03:15” are registered in correspondence with the user ID “Alice” is shown. In addition, a case where a password “wQ9DspX”, a simplified password “wQ”, and an authentication time “09/1/7 11:20:34” are registered in correspondence with the user ID “Bob” is shown.
  • A case where second password authentication processing is performed for this user ID “Bob” will be described.
  • Referring to FIG. 38(B), here, a case where information in the authentication table is updated when authentication was OK is shown.
  • FIG. 38(B) is different from FIG. 38(A) in that the authentication time is registered as “09/1/7 11:35:14” in correspondence with the user ID “Bob”, however, it is otherwise the same.
  • Referring to FIG. 38(C), here, a case where information in the authentication table is updated when authentication was NG is shown. Specifically, a case where simplified password information has been erased and the authentication time has been erased in correspondence with the user ID “Bob” is shown.
  • As a result of this processing, in performing authentication processing again, only first password authentication is valid and thus security can be enhanced by this processing.
  • First password authentication is the same as described with reference to the flowchart in FIG. 34. Here, when password authentication is successful, a simplified password is set again and registered and thus a new simplified password can be registered, which contributes to user's convenience.
  • A scheme with which second password setting unit 413 extracts two characters at the beginning of a first password under a prescribed rule to set a simplified password serving as a second password in the present embodiment has been described above, however, the scheme is not particularly limited thereto and a simplified password may be set using other schemes.
  • For example, instead of two characters at the beginning, two characters in the end may be employed, or a prescribed number of characters may be extracted without limited to two characters.
  • Alternatively, one character in each set of five characters in continuously arranged password and user ID may be extracted. Alternatively, a simplified password may be set by shifting a character extracted as above to a next character one by one. For example, regarding characters arranged in the order of a to z in the alphabet, such shifting as c→d or z→a may be adopted. Alternatively, a number may be shifted in the ascending order to a next number, without limited to the alphabet. For example, such shifting as 8→9 may be adopted.
  • Alternatively, the shifting scheme above may be combined for use with extraction of two characters described above.
  • A rule for generating a simplified password above may be selected by the user or a simplified password itself may arbitrarily be set by the user.
  • Though the scheme above permits entry of any of a password and a simplified password in FIG. 37, in order to enhance security, two password entry screens are displayed separately to have the user enter passwords.
  • It is noted that, regarding each component for controlling the apparatus above, a program causing a computer to function to carry out control as described in the flow above can also be provided. Such a program may be recorded in a computer-readable recording medium such as a flexible disc, a CD-ROM (Compact Disk-Read Only Memory), a ROM (Read Only Memory), a RAM (Random Access Memory), and a memory card, to be attached to a computer, and may be provided as a program product. Alternatively, a program may be provided as recorded in a recording medium such as a hard disk contained in a computer. Alternatively, a program may be provided by downloading through a network.
  • A program may invoke a necessary module from among program modules provided as a part of the operation system (OS) of the computer at prescribed timing in prescribed sequences and cause the module to perform processing. Here, the program itself does not include the module above but processing is performed in cooperation with the OS. Such a program not including a module may also be encompassed in the program according to the present invention.
  • In addition, the program according to the present invention may be provided as incorporated as a part of another program. In this case as well, the program itself does not include the module included in another program but processing is performed in cooperation with another program. Such a program incorporated in another program may also be encompassed in the program according to the present invention.
  • A provided program product is installed in a program storage portion such as a hard disk and executed. It is noted that the program product includes a program itself and a recording medium recording a program.
  • Although the present invention has been described and illustrated in detail, it is clearly understood that the same is by way of illustration and example only and is not to be taken by way of limitation, the scope of the present invention being interpreted by the terms of the appended claims.

Claims (18)

1. An information processing apparatus, comprising:
a display for displaying an authentication screen; and
a controller for performing authentication processing in response to a user's input instruction on said authentication screen,
said controller being capable of executing as said authentication processing, at least one of a first authentication scheme and a second authentication scheme more simplified than said first authentication scheme, and
said controller executing said second authentication scheme in next authentication processing when authentication processing in accordance with said first authentication scheme led to approval in response to said user's input instruction.
2. The information processing apparatus according to claim 1, wherein
said first authentication scheme corresponds to password authentication.
3. The information processing apparatus according to claim 1, wherein
said second authentication scheme corresponds to authentication using a password image.
4. The information processing apparatus according to claim 1, wherein
said second authentication scheme corresponds to password authentication restricted in the number of characters, which is smaller than in said first authentication scheme.
5. The information processing apparatus according to claim 4, wherein
password authentication in accordance with said first authentication scheme is approved when first registered key data registered in advance matches with key data input in accordance with said user's input instruction, and
in said password authentication restricted in the number of characters, key data generated under a prescribed rule from said first registered key data is registered as second registered key data.
6. The information processing apparatus according to claim 5, wherein
said second registered key data corresponds to data obtained by extracting a part of a character string of said first registered key data.
7. The information processing apparatus according to claim 5, wherein
said second registered key data corresponds to data obtained by replacing a character in said first registered key data with a different character.
8. The information processing apparatus according to claim 1, wherein
said controller causes said display to display registered key data to be used in said second authentication scheme when authentication processing in accordance with said first authentication scheme led to approval in response to said user's input instruction.
9. The information processing apparatus according to claim 1, wherein
said first authentication scheme corresponds to authentication in a secure printing function.
10. The information processing apparatus according to claim 1, wherein
said first authentication scheme corresponds to authentication for logging in the apparatus.
11. The information processing apparatus according to claim 1, wherein
in said first authentication scheme, an instruction to enter at least one of a user ID and a password is issued.
12. The information processing apparatus according to claim 1, wherein
said controller has a time and day of approval registered, when authentication processing in accordance with said second authentication scheme led to approval in response to said user's input instruction.
13. The information processing apparatus according to claim 12, wherein
said controller checks a validity period during which authentication processing in accordance with said second authentication scheme is permitted.
14. The information processing apparatus according to claim 13, wherein
said controller performs authentication processing in accordance with said second authentication scheme during the validity period during which authentication processing in accordance with said second authentication scheme is permitted, based on said time and day of approval.
15. The information processing apparatus according to claim 14, wherein
said controller updates the time and day of approval when authentication processing in accordance with said second authentication scheme led to approval.
16. The information processing apparatus according to claim 1, wherein
said controller executes said first authentication scheme when authentication processing in accordance with said second authentication scheme failed.
17. A method of controlling an information processing apparatus, comprising the steps of:
displaying an authentication screen; and
performing authentication processing in accordance with at least one of a first authentication scheme and a second authentication scheme more simplified than said first authentication scheme, in response to a user's input instruction on said authentication screen, and
in said step of performing authentication processing, when authentication processing in accordance with said first authentication scheme led to approval 1 in response to said user's input instruction, said second authentication scheme is executed in next authentication processing.
18. A recording medium recording a control program executed in a computer representing an information processing apparatus, said control program causing the computer to perform processing including the steps of
displaying an authentication screen, and
performing authentication processing in accordance with at least one of a first authentication scheme and a second authentication scheme more simplified than said first authentication scheme, in response to a user's input instruction on said authentication screen, and
in said step of performing authentication processing, when authentication processing in accordance with said first authentication scheme led to approval in response to said user's input instruction, said second authentication scheme is executed in next authentication processing.
US12/786,838 2009-06-02 2010-05-25 Information processing apparatus capable of authentication processing achieving both of user convenience and security, method of controlling information processing apparatus, and recording medium recording program for controlling information processing apparatus Active 2031-06-08 US8756670B2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2009-133216 2009-06-02
JP2009133216A JP2010282285A (en) 2009-06-02 2009-06-02 Information processing apparatus, method of controlling the same, and control program for information processing apparatus

Publications (2)

Publication Number Publication Date
US20100306842A1 true US20100306842A1 (en) 2010-12-02
US8756670B2 US8756670B2 (en) 2014-06-17

Family

ID=43221804

Family Applications (1)

Application Number Title Priority Date Filing Date
US12/786,838 Active 2031-06-08 US8756670B2 (en) 2009-06-02 2010-05-25 Information processing apparatus capable of authentication processing achieving both of user convenience and security, method of controlling information processing apparatus, and recording medium recording program for controlling information processing apparatus

Country Status (2)

Country Link
US (1) US8756670B2 (en)
JP (1) JP2010282285A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150121489A1 (en) * 2012-05-04 2015-04-30 Rowem Inc. Icon Password Setting Apparatus and Icon Password Setting Method Using Keyword of Icon
US20150143493A1 (en) * 2013-11-21 2015-05-21 Qnap Systems, Inc. Electronic device and login method thereof
US20160241703A1 (en) * 2015-02-16 2016-08-18 Ricoh Company, Ltd. Information processing system and device control method

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5789186B2 (en) * 2011-12-21 2015-10-07 株式会社沖データ Image forming apparatus, the authentication printing system, and authentication method
JP6058990B2 (en) * 2012-11-30 2017-01-11 キヤノン株式会社 Information processing apparatus, authentication method, and program
JP6223009B2 (en) * 2013-06-19 2017-11-01 キヤノン株式会社 Image forming apparatus and a control method thereof, and program
JP6488673B2 (en) * 2013-12-06 2019-03-27 株式会社リコー Information processing apparatus, program, information management method, information processing system
JP6027577B2 (en) * 2014-07-23 2016-11-16 株式会社三井住友銀行 Authentication system, an authentication method, and program
JP6515869B2 (en) * 2016-05-26 2019-05-22 京セラドキュメントソリューションズ株式会社 Image forming apparatus and information processing apparatus

Citations (38)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5699514A (en) * 1995-12-26 1997-12-16 Lucent Technologies Inc. Access control system with lockout
US5875345A (en) * 1995-07-05 1999-02-23 International Business Machines Corporation Information processing system having dual power saving modes
US5928364A (en) * 1995-11-30 1999-07-27 Casio Computer Co., Ltd. Secret data storage device, secret data reading method, and control program storing medium
US20010030644A1 (en) * 1999-03-30 2001-10-18 Allport David E. Method of controlling multi-user access to the functionality of consumer devices
US6360326B1 (en) * 1998-09-09 2002-03-19 Compaq Information Technologies Group, L.P. Password delay
US20040218763A1 (en) * 2003-01-07 2004-11-04 Rose Gregory Gordon System, apparatus and method for replacing a cryptographic key
US20040225880A1 (en) * 2003-05-07 2004-11-11 Authenture, Inc. Strong authentication systems built on combinations of "what user knows" authentication factors
US20050044425A1 (en) * 2001-10-30 2005-02-24 Ari Hypponen Method and apparatus for selecting a password
US20060075092A1 (en) * 2004-10-06 2006-04-06 Kabushiki Kaisha Toshiba System and method for determining the status of users and devices from access log information
US20060101279A1 (en) * 2004-11-09 2006-05-11 Konica Minolta Business Technologies, Inc. Image processor
US7100203B1 (en) * 2000-04-19 2006-08-29 Glenayre Electronics, Inc. Operating session reauthorization in a user-operated device
US20060259960A1 (en) * 2005-05-13 2006-11-16 Kabushiki Kaisha Toshiba Server, method and program product for management of password policy information
USRE39808E1 (en) * 1997-02-25 2007-09-04 Ricoh Company, Ltd. Computer-based network printing system and method
US20070250920A1 (en) * 2006-04-24 2007-10-25 Jeffrey Dean Lindsay Security Systems for Protecting an Asset
US20080034412A1 (en) * 2006-08-02 2008-02-07 Informed Control Inc. System to prevent misuse of access rights in a single sign on environment
US20080034207A1 (en) * 2006-08-01 2008-02-07 Cisco Technology, Inc. Method and apparatus for selecting an appropriate authentication method on a client
US20080052245A1 (en) * 2006-08-23 2008-02-28 Richard Love Advanced multi-factor authentication methods
US20080068227A1 (en) * 2006-09-19 2008-03-20 Sharp Kabushiki Kaisha Input unit and electronic apparatus including same
US20080100865A1 (en) * 2006-10-31 2008-05-01 Brother Kogyo Kabushiki Kaisha Facsimile device
US20080104410A1 (en) * 2006-10-25 2008-05-01 Brown Daniel R Electronic clinical system having two-factor user authentication prior to controlled action and method of use
US20080115223A1 (en) * 2006-10-31 2008-05-15 Novell, Inc. Techniques for variable security access information
US20080195976A1 (en) * 2007-02-14 2008-08-14 Cho Kyung-Suk Method of setting password and method of authenticating password in portable device having small number of operation buttons
US20080250477A1 (en) * 2004-07-15 2008-10-09 Anakam Inc. System and method for second factor authentication services
US20090064289A1 (en) * 2007-09-05 2009-03-05 Samsung Electronics Co., Ltd. Method of authenticating user using server and image forming apparatus using the method
US20090113543A1 (en) * 2007-10-25 2009-04-30 Research In Motion Limited Authentication certificate management for access to a wireless communication device
US20090165125A1 (en) * 2007-12-19 2009-06-25 Research In Motion Limited System and method for controlling user access to a computing device
US20090276837A1 (en) * 2008-04-30 2009-11-05 Microsoft Corporation Credential equivalency and control
US7619766B2 (en) * 2004-05-28 2009-11-17 Oki Data Corporation Image forming device
US20090300733A1 (en) * 2008-05-30 2009-12-03 Fuji Xerox Co., Ltd. Information processing apparatus, authentication system, information processing method and storage medium
US20090296129A1 (en) * 2008-05-30 2009-12-03 Canon Kabushiki Kaisha Printing system, printing apparatus, image processing apparatus, and control method of printing system
US20090307765A1 (en) * 2008-06-06 2009-12-10 Ebay Inc. Authenticating users and on-line sites
US7650509B1 (en) * 2004-01-28 2010-01-19 Gordon & Howard Associates, Inc. Encoding data in a password
US20100017860A1 (en) * 2005-12-09 2010-01-21 Ishida Natsuki Authentication system and authentication method
US20100077457A1 (en) * 2008-09-23 2010-03-25 Sun Microsystems, Inc. Method and system for session management in an authentication environment
US20100100945A1 (en) * 2008-10-20 2010-04-22 Microsoft Corporation User authentication management
US20100138914A1 (en) * 2008-12-01 2010-06-03 Research In Motion Limited System and method of providing biometric quick launch
US20100146606A1 (en) * 2008-12-05 2010-06-10 Wayne Michael Delia Authentication method and system
US8094812B1 (en) * 2007-09-28 2012-01-10 Juniper Networks, Inc. Updating stored passwords

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0351946A (en) 1989-07-19 1991-03-06 Toshiba Corp Identification word confirming system
JP2001268649A (en) * 2000-03-22 2001-09-28 Nec Commun Syst Ltd Method and system for preventing illegal use of terminal device for mobile communication
JP4706817B2 (en) 2002-02-01 2011-06-22 誠 三原 Personal authentication system using a personal authentication method and a recording medium using a recording medium
JP4595376B2 (en) * 2004-04-28 2010-12-08 富士ゼロックス株式会社 Authentication device, authentication method and program
JP2005346310A (en) * 2004-06-01 2005-12-15 Canon Inc Information processor, information processing method and information processing system
JP2006072833A (en) * 2004-09-03 2006-03-16 Fuji Xerox Co Ltd Authentication device and method
JP2006185315A (en) * 2004-12-28 2006-07-13 Tokai Riken Kk Security system
JP2007034345A (en) * 2005-07-21 2007-02-08 Ricoh Co Ltd Simple authentication system for equipment
JP2008146449A (en) * 2006-12-12 2008-06-26 Konica Minolta Holdings Inc Authentication system, authentication method and program
JP2008282298A (en) 2007-05-14 2008-11-20 Panasonic Corp System management operation approval system, system management operation approving method, and program thereof

Patent Citations (39)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5875345A (en) * 1995-07-05 1999-02-23 International Business Machines Corporation Information processing system having dual power saving modes
US5928364A (en) * 1995-11-30 1999-07-27 Casio Computer Co., Ltd. Secret data storage device, secret data reading method, and control program storing medium
US5699514A (en) * 1995-12-26 1997-12-16 Lucent Technologies Inc. Access control system with lockout
USRE39808E1 (en) * 1997-02-25 2007-09-04 Ricoh Company, Ltd. Computer-based network printing system and method
US6360326B1 (en) * 1998-09-09 2002-03-19 Compaq Information Technologies Group, L.P. Password delay
US20010030644A1 (en) * 1999-03-30 2001-10-18 Allport David E. Method of controlling multi-user access to the functionality of consumer devices
US7100203B1 (en) * 2000-04-19 2006-08-29 Glenayre Electronics, Inc. Operating session reauthorization in a user-operated device
US20050044425A1 (en) * 2001-10-30 2005-02-24 Ari Hypponen Method and apparatus for selecting a password
US8127141B2 (en) * 2001-10-30 2012-02-28 F-Secure Oyj Method and apparatus for selecting a password
US20040218763A1 (en) * 2003-01-07 2004-11-04 Rose Gregory Gordon System, apparatus and method for replacing a cryptographic key
US20040225880A1 (en) * 2003-05-07 2004-11-11 Authenture, Inc. Strong authentication systems built on combinations of "what user knows" authentication factors
US7650509B1 (en) * 2004-01-28 2010-01-19 Gordon & Howard Associates, Inc. Encoding data in a password
US7619766B2 (en) * 2004-05-28 2009-11-17 Oki Data Corporation Image forming device
US20080250477A1 (en) * 2004-07-15 2008-10-09 Anakam Inc. System and method for second factor authentication services
US20060075092A1 (en) * 2004-10-06 2006-04-06 Kabushiki Kaisha Toshiba System and method for determining the status of users and devices from access log information
US20060101279A1 (en) * 2004-11-09 2006-05-11 Konica Minolta Business Technologies, Inc. Image processor
US20060259960A1 (en) * 2005-05-13 2006-11-16 Kabushiki Kaisha Toshiba Server, method and program product for management of password policy information
US20100017860A1 (en) * 2005-12-09 2010-01-21 Ishida Natsuki Authentication system and authentication method
US20070250920A1 (en) * 2006-04-24 2007-10-25 Jeffrey Dean Lindsay Security Systems for Protecting an Asset
US20080034207A1 (en) * 2006-08-01 2008-02-07 Cisco Technology, Inc. Method and apparatus for selecting an appropriate authentication method on a client
US20080034412A1 (en) * 2006-08-02 2008-02-07 Informed Control Inc. System to prevent misuse of access rights in a single sign on environment
US20080052245A1 (en) * 2006-08-23 2008-02-28 Richard Love Advanced multi-factor authentication methods
US20080068227A1 (en) * 2006-09-19 2008-03-20 Sharp Kabushiki Kaisha Input unit and electronic apparatus including same
US20080104410A1 (en) * 2006-10-25 2008-05-01 Brown Daniel R Electronic clinical system having two-factor user authentication prior to controlled action and method of use
US20080100865A1 (en) * 2006-10-31 2008-05-01 Brother Kogyo Kabushiki Kaisha Facsimile device
US20080115223A1 (en) * 2006-10-31 2008-05-15 Novell, Inc. Techniques for variable security access information
US20080195976A1 (en) * 2007-02-14 2008-08-14 Cho Kyung-Suk Method of setting password and method of authenticating password in portable device having small number of operation buttons
US20090064289A1 (en) * 2007-09-05 2009-03-05 Samsung Electronics Co., Ltd. Method of authenticating user using server and image forming apparatus using the method
US8094812B1 (en) * 2007-09-28 2012-01-10 Juniper Networks, Inc. Updating stored passwords
US20090113543A1 (en) * 2007-10-25 2009-04-30 Research In Motion Limited Authentication certificate management for access to a wireless communication device
US20090165125A1 (en) * 2007-12-19 2009-06-25 Research In Motion Limited System and method for controlling user access to a computing device
US20090276837A1 (en) * 2008-04-30 2009-11-05 Microsoft Corporation Credential equivalency and control
US20090300733A1 (en) * 2008-05-30 2009-12-03 Fuji Xerox Co., Ltd. Information processing apparatus, authentication system, information processing method and storage medium
US20090296129A1 (en) * 2008-05-30 2009-12-03 Canon Kabushiki Kaisha Printing system, printing apparatus, image processing apparatus, and control method of printing system
US20090307765A1 (en) * 2008-06-06 2009-12-10 Ebay Inc. Authenticating users and on-line sites
US20100077457A1 (en) * 2008-09-23 2010-03-25 Sun Microsystems, Inc. Method and system for session management in an authentication environment
US20100100945A1 (en) * 2008-10-20 2010-04-22 Microsoft Corporation User authentication management
US20100138914A1 (en) * 2008-12-01 2010-06-03 Research In Motion Limited System and method of providing biometric quick launch
US20100146606A1 (en) * 2008-12-05 2010-06-10 Wayne Michael Delia Authentication method and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Wayne Jansen "Authentication mobile device users through image selection", NIST 2004, 10 pages *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150121489A1 (en) * 2012-05-04 2015-04-30 Rowem Inc. Icon Password Setting Apparatus and Icon Password Setting Method Using Keyword of Icon
US9531706B2 (en) * 2012-05-04 2016-12-27 Rowem Inc. Icon password setting apparatus and icon password setting method using keyword of icon
US20150143493A1 (en) * 2013-11-21 2015-05-21 Qnap Systems, Inc. Electronic device and login method thereof
US20160241703A1 (en) * 2015-02-16 2016-08-18 Ricoh Company, Ltd. Information processing system and device control method

Also Published As

Publication number Publication date
US8756670B2 (en) 2014-06-17
JP2010282285A (en) 2010-12-16

Similar Documents

Publication Publication Date Title
CN101472034B (en) Print control system, the print control server, the image forming apparatus and print control method
US20090046057A1 (en) Image forming apparatus, display processing apparatus, display processing method, and computer program product
US20050193340A1 (en) Apparatus and method regarding dynamic icons on a graphical user interface
JP4095639B2 (en) Method of controlling an image processing apparatus and an image processing apparatus
EP2336851A2 (en) Image forming apparatus and character input method thereof
US7681041B2 (en) Image formation apparatus, data reception method, program for performing data reception method, and storage medium for storing program
US9007616B2 (en) Printing apparatus which restricts printing of print job data
US7613412B2 (en) Device and job history display control method
US8780379B2 (en) Approach for implementing locked printing with unlock via a user input device
EP2150036A2 (en) Image forming apparatus able to re-execute workflow and method thereof
US8218165B2 (en) Interruption management method for an image forming apparatus
JP2011035690A (en) Image processing apparatus, job processing method, and program
US20100245899A1 (en) Image forming apparatus
CN102300029B (en) Server apparatus, image forming system, and method of managing print data
CN1290000C (en) Information processing apparatus and method
JP4711230B2 (en) Image forming apparatus and program
US9106868B2 (en) Image processing apparatus, control method therefor, and storage medium
US7835019B2 (en) Image forming apparatus and authentication and charging method
US8405856B2 (en) Image forming apparatus and job performing method
JP2012221069A (en) Information processor and method for controlling the same
US8531687B2 (en) Image formation device, display screen switching method, and program
EP2182714B1 (en) Image processing apparatus and image processing apparatus control method
US20070101420A1 (en) Job processing system, instruction creating device, and image reading device
US8009306B2 (en) Printing apparatus and print system
US20090009795A1 (en) Host device and method to set distributed printing

Legal Events

Date Code Title Description
AS Assignment

Owner name: KONICA MINOLTA HOLDINGS, INC., JAPAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:ASANO, MOTOHIRO;MURAI, CHIHO;SIGNING DATES FROM 20100512 TO 20100513;REEL/FRAME:024436/0800

STCF Information on status: patent grant

Free format text: PATENTED CASE

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551)

Year of fee payment: 4